\n<\/p>\n
Enterprise security company SonicWall is urging its customers to disable a core feature of its most recent line-up of firewall devices after security researchers reported an uptick in ransomware incidents targeting SonicWall customers.\u00a0<\/p>\n
In a statement this week<\/a>, SonicWall said it had observed a \u201cnotable increase\u201d of security incidents targeting its Generation 7 firewalls where customers have its VPN enabled. The company said it is \u201cactively investigating these incidents to determine whether they are connected to a previously disclosed vulnerability or if a new vulnerability may be responsible.\u201d<\/p>\n The company\u2019s alert comes as security researchers say they have identified hackers targeting SonicWall devices to gain initial access to a victim\u2019s network.\u00a0<\/p>\n Hackers are increasingly targeting enterprise products<\/a>, like firewalls and VPNs, which work as digital gatekeepers, allowing legitimate employees access to the company\u2019s network. But security flaws in these products can allow malicious hackers in, enabling attackers to launch data-stealing or destructive attacks.<\/p>\n Security firm Arctic Wolf said it has seen intrusions<\/a> targeting SonicWall customers as far back as mid-July. The company said \u201cavailable evidence points to the existence of a zero-day vulnerability,\u201d referring to a security bug that was discovered and exploited before the vendor could patch the issue.<\/p>\n The researchers said they witnessed a short gap between the exploitation of the SonicWall firewall and the subsequent deployment of file-encrypting malware, or ransomware.<\/p>\n Huntress Labs, another cybersecurity firm, said it is \u201clikely\u201d that a zero-day bug in SonicWall firewalls is to blame<\/a> for the attacks, and warned that the hackers exploiting the bug have been seen gaining access to a company\u2019s domain controllers, which manages the devices and users on that network.\u00a0<\/p>\n In its blog, Huntress said it believes the Akira ransomware gang is behind some of the attacks targeting SonicWall customers. Akira has been known to target enterprise products, like Fortinet firewalls<\/a>, to break into large networks.<\/p>\n \u201cThis is a critical, ongoing threat,\u201d wrote Huntress.<\/p>\n<\/div>\n